Hi Malithi, Hi Ajanthan, OK. So if we think like that, how do you propose we do 2FA for security question update? Are you implying that we initiate a SSO flow with higher requested assurance level, so that in IS a step-up authentication is performed and returned back to the service provider, to update his/her security questions?
If this is possible with IS then +1 for that. But also I would like to have in the roadmap to do this purely through Rest APIs without ever leaving the service provider. Regards, Johann. On Thu, Jan 16, 2020 at 7:28 AM Malithi Edirisinghe <malit...@wso2.com> wrote: > Hi Johann, > > On Wed, Jan 8, 2020 at 4:49 AM Ajanthan Balachandran <ajant...@wso2.com> > wrote: > >> Hi Johann, >> >> I think here we are talking about two different things. Feel free to >> correct me if I am wrong. >> >> In the first case, we are trying to assert the value of the claims >> provided by the user. In the case of phone number and email claims sending >> verification code does make sense but to assert the first name or last name >> sending verification code to email or phone doesn't give enough >> assurance(usually photo ID proof is needed to verify names). >> >> What you are talking about is getting enough assurance level for the >> authenticated user by prompting 2FA to be able to update security >> questions. This should be handled by auth system not the claim verification >> system. >> > > I'm under the same understanding with Ajanthan. > It should be a 2FA flow. > > >> >> Thanks, >> Ajanthan. >> >> > Thanks, > Malithi > -- > *Malithi Edirisinghe* | Technical Lead | WSO2 Inc. > (m) +94 718176807 | (w) +94 11 214 5345 | (e) malit...@wso2.com > GET INTEGRATION AGILE > Integration Agility for Digitally Driven Business > -- *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc. (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com [image: Signature.jpg]
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture